On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
Sample DNS searches and dashboards
This topic lists searches that you can perform to confirm that Windows DNS data has arrived at the indexer.
If you're using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS. TA_AD and TA_DNS are merged with TA-Windows version 6.0.0.
Search Windows DNS data
To confirm that Windows DNS data is present on the indexer, use the Search app:
- Log into Splunk Enterprise on the indexer, if you have not already.
- Load the Search app. In the system bar, select Apps > Search & Reporting. Splunk loads the Search app.
- Try the following searches to confirm that data is present:
This search confirms that the Splunk Add-on for Windows DNS are sending data to the indexer:
eventtype=perfmon-dns
Can't find the data?
Try the following:
- Use Forwarder Management to confirm that the Splunk Add-on for Windows DNS have been deployed to your deployment clients.
- Refer to the Troubleshooting manual for additional help.
Last modified on 17 October, 2019
| Confirm and troubleshoot DNS data collection | Install the Splunk App for Windows Infrastructure on the Search Head |
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4
Download manual
Feedback submitted, thanks!